I'd like to know how much bigger is the ciphertext when encrypting a message using ECC encrytpion? ECIES (or ElGamal)
Asked
Active
Viewed 3,177 times
1 Answers
2
Ok, I sum it up.
In ECIES, which is a hybrid encryption scheme, the ciphertext size is one point of the curve + the size of the encrypted message (size of the message + small overhead of padding for the symmetric cipher) + the tag length of the used MAC. As CodesInChaos pointed out, if you work on a 256 bit curve (giving 128 bit security), then using point compression this will amount to 32 byte (and 64 otherwise) for the elliptic curve point and as he mentioned in addition to the ciphertext and the MAC some little overhead for the format.
A Note on ElGamal (as in the original Question): ElGamal is not really useful for larger messages and when using ElGamal in the elliptic curve setting hashed ElGamal should be your choice (as you avoid cumbersome mapping of messages to points on the curve). You could also use a hybrid version of ElGamal to achieve a hybrid cryptosystem like ECIES does.
But ECIES is standardized and provides better security (IND-CCA) as the ElGamal versions (only IND-CPA).
